[mpitt at debian.org: [Pkg-nagios-devel] Bug#369362: nagios: Insecure quote escaping in PostgreSQL backend]

sean finney seanius at seanius.net
Sun Jul 2 22:24:30 CEST 2006


hey ethan,

On Mon, Jun 19, 2006 at 03:36:59PM -0500, Ethan Galstad wrote:
> Anyone interested in making a patch for this?  I'm inclined to close 
> development on the 1.x branch, as working on three branches is a bit too 
> much.

if someone were able to provide a PoC exploit i'd be willing to
sit down and spend some time with it.  i'd be very, very sad
if you closed down development just now on the 1.x branches though,
as we'll have them in debian until sarge disappears, possibly
even etch (i'll bring this up for discussion on our side of
the fence, as we might be able to avoid it).  in any case,
some advanced warning on the website giving users a grace
period would be a considerate thing :)


	sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20060702/1d171d5a/attachment.sig>
-------------- next part --------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel


More information about the Developers mailing list